In a recent security advisory, Ubiquiti has announced the discovery of 25 vulnerabilities within its UniFi ecosystem. These issues, detailed in Security Advisory Bulletin 066, include several critical vulnerabilities with CVSS v3.1 scores of 9.9 and 10.0, posing significant risks of network-based attacks allowing complete device compromise.
Key Vulnerabilities Identified
The vulnerabilities affect a range of UniFi products, including Connect, Talk, Access, Protect, and Network Applications, as well as the core UniFi OS platform utilized by UDM, UNVR, and UNAS device families. Last month, Ubiquiti addressed critical vulnerabilities that allowed remote privilege escalation on the UniFi OS platform.
Among the most severe issues is CVE-2026-50746, receiving a maximum score of 10.0. This flaw involves improper access control in the UniFi Connect Application (version 3.4.16 and before), allowing unauthenticated attackers on the network to execute command injections. Other critical vulnerabilities, such as CVE-2026-50747 and CVE-2026-50748, involve SQL injection and command injection in UniFi Talk and Access, respectively, both scored at 9.9.
Impact on UniFi Products
Additional significant bugs include CVE-2026-54402, a command injection vulnerability in the UniFi OS, and CVE-2026-55115, which involves SSRF-driven privilege escalation in UniFi Protect, both rated at 9.9. Another notable vulnerability is CVE-2026-55116, an improper access control issue with a score of 9.0, which impacts UDM, UDM-Pro, UDM-SE, and related gateway hardware, allowing unauthorized configuration changes.
High-severity vulnerabilities also include CVE-2026-54403, a path traversal issue rated 8.6, and CVE-2026-54404, which exploits authenticated SQL injection. These vulnerabilities could be combined to bypass low-privilege access requirements.
Mitigation and Future Outlook
Ubiquiti has released updates for all affected products, urging administrators to apply these patches immediately. The fixed versions address vulnerabilities across various applications, including UniFi Connect, Talk, Access, Network Application, and Protect.
The advisory credits numerous independent security researchers for uncovering these vulnerabilities, highlighting the collaborative effort to enhance the security of UniFi products. With no interim workarounds available, organizations using affected hardware are advised to prioritize firmware updates to safeguard their networks against potential exploitation.
As security threats continue to evolve, maintaining up-to-date systems remains crucial for protecting organizational networks from cyber threats. Ubiquiti’s proactive disclosure and patching of these vulnerabilities underscore the importance of vigilance and timely response in cybersecurity.
